Tech Support Forum - View Single Post

Ried · 04-17-2006, 05:35 PM

Hello SilentDragon,

Please copy these instructions to Notepad and save to your desktop for reference while in Safe Mode.

Before we begin, you are running Hijack This from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C: then click on File > New > Folder and call it HJT , or another name of your choice. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files.

Download Ewido Security Suite

Install Ewido Security Suite
When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
Double-click the icon on Desktop to launch Ewido

You will need to update Ewido to the latest definition files.

On the left hand side of the main screen click update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it. Do not run it yet.

---------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.

---------------------------

Run a scan in HijackThis. 'Check' each of the following if they still exist:

O2 - BHO: (no name) - {58F07DD3-924D-4141-BC74-299F523A95F1} - (no file)
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\2005714111852_mcinfo.exe /insfin
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

Click 'Fix Checked' and close HijackThis.

---------------------------

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Standard CleanUp!"
*Uncheck the following:
-Delete Newsgroup cache
-Delete Newsgroup Subscriptions
-Scan local drives for temporary files
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.
Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility

---------------------------

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)

Click Scanner
Click Complete System Scan to begin scanning.
Click OK when prompted to clean files

With the first file it prompts to clean, select the option:

"Perform action on all infections"
Choose clean and click OK.

Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour. Ewido is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

---------------------------

Reboot into Normal Mode.

---------------------------

Perform an online scan using Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner

Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

**A box may appear asking you for a Password, click 'Cancel'
Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.

Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
Click on see report. Then click Save report

Please post that log in your next reply along with the Ewido results and a new HijackThis log.

Also, is this the same PCthat was recently infected? Did you update from XP straight to this SP2 while having problems?

04-17-2006, 05:35 PM	#4 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,611 OS: WinXP and Vista	Hello SilentDragon, Please copy these instructions to Notepad and save to your desktop for reference while in Safe Mode. Before we begin, you are running Hijack This from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C: then click on File > New > Folder and call it HJT , or another name of your choice. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files. Download Ewido Security Suite Install Ewido Security Suite When installing, under "Additional Options" uncheck.. Install background guard Install scan via context menu Double-click the icon on Desktop to launch Ewido You will need to update Ewido to the latest definition files. On the left hand side of the main screen click update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update Ewido When you have finished updating, EXIT Ewido. The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it. Do not run it yet. --------------------------- Next, please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Use the up arrow key to highlight Safe Mode and press Enter. --------------------------- Run a scan in HijackThis. 'Check' each of the following if they still exist: O2 - BHO: (no name) - {58F07DD3-924D-4141-BC74-299F523A95F1} - (no file) O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\2005714111852_mcinfo.exe /insfin O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u Click 'Fix Checked' and close HijackThis. --------------------------- Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Standard CleanUp!" *Uncheck the following: -Delete Newsgroup cache -Delete Newsgroup Subscriptions -Scan local drives for temporary files Click OK Press the CleanUp! button to start the program. Reboot/logoff when prompted. Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility --------------------------- Run Ewido with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click Complete System Scan to begin scanning. Click OK when prompted to clean files With the first file it prompts to clean, select the option: "Perform action on all infections" Choose clean and click OK. Once finished, click the Save report button & save the report to your desktop Ewido scan would require at least an hour. Ewido is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner. --------------------------- Reboot into Normal Mode. --------------------------- Perform an online scan using Internet Explorer with Panda ActiveScan click on "Free use ActiveScan" located on the top right hand corner Click Check Now & a 'pop up' window shall appear. ensure that your pop up blocker doesn't block it Enter your e-mail address, country, and state & click Scan Now* ...begins downloading 8 MB Panda's ActiveX controls A box may appear asking you for a Password, click 'Cancel' Begin the scan by selecting My Computer If it finds any malware, it will offer you a report. Please ignore any entry it finds and wants you to buy the program for removal as we will address this later. Click on see report. Then click Save report Please post that log in your next reply along with the Ewido results and a new HijackThis log**. Also, is this the same PCthat was recently infected? Did you update from XP straight to this SP2 while having problems? __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."